Hi Mahmood,

This line looks out of place. Check that host name is getting resolved:

get_socket_address: getnameinfo 8 failed: Name or service not known

I am sure you would have performed the same steps on both hosts. Try establishing connection with IP Address instead of hostname.

Regards,
Sharad

--- On Thu, 28/4/11, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:

> From: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> Subject: Re: problem with HostbasedAuthentication
> To: "Sharad" <sharad2011@xxxxxxxxx>
> Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> Date: Thursday, 28 April, 2011, 11:12 PM
>
> Dear Sharad,
> I am now trying to setup a hostbased ssh from server to client (previously client->server worked fine based on your help). I want it to be bidirectional.
>
> I did the same thing in reverse (now the client becomes server and the server becomes client). However this is what I get while trying to ssh from server to client:
>
>
> debug3: Wrote 48 bytes for a total of 1063
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /home/mahmood/.ssh/identity ((nil))
> debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
> debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
> debug3: Wrote 64 bytes for a total of 1127
> debug1: Authentications that can continue: publickey,password,hostbased
> debug3: start over, passed a different list publickey,password,hostbased
> debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
> debug3: authmethod_lookup hostbased
> debug3: remaining preferred: publickey,keyboard-interactive,password
> debug3: authmethod_is_enabled hostbased
> debug1: Next authentication method: hostbased
> get_socket_address: getnameinfo 8 failed: Name or service not known
> debug2: userauth_hostbased: chost server.
> debug2: ssh_keysign called
> debug3: ssh_msg_send: type 2
> debug3: ssh_msg_recv entering
> debug1: permanently_drop_suid: 1000
> get_socket_address: getnameinfo 8 failed: Name or service not known
> cannot get sockname for fd
> ssh_keysign: no reply
> key_sign failed
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/mahmood/.ssh/identity
> debug3: no such identity: /home/mahmood/.ssh/identity
> debug1: Trying private key: /home/mahmood/.ssh/id_rsa
> debug3: no such identity: /home/mahmood/.ssh/id_rsa
> debug1: Trying private key: /home/mahmood/.ssh/id_dsa
> debug3: no such identity: /home/mahmood/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred: ,password
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> mahmood@xxxxxxxxxxx's password:
>
>
> What is your suggestion?
>
> // Naderan *Mahmood;
>
>
> ----- Original Message -----
> From: Sharad <sharad2011@xxxxxxxxx>
> To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> Sent: Thursday, April 28, 2011 5:20 PM
> Subject: Re: problem with HostbasedAuthentication
>
> Mahmood,
>
> The files are /home/username/.ssh/known_hosts on both server and client.
>
> By FQDN, I meant host's fully qualified domain name.
>
> Following is the example:
>
> Assuming both client and server are linux hosts:
>
> Server IP: 192.168.1.1
> Client IP: 192.168.1.101
>
> Server Name: lnx_srvr_1.domain.com
> Client Name: lnx_clnt_101.domain.com
>
> User name on each host is mahmood.
>
> Following would be the entries in .shosts on lnx_srvr_1
>
> lnx_srvr_1:/home/mahmood $ cat .shosts
>
> lnx_clnt_101.domain.com mahmood
> 192.168.1.101 mahmood
> lnx_clnt_101 mahmood
>
> Following should exist in /home/mahmood/.ssh/known_hosts file on the server side:
> 192.168.1.101,lnx_clnt_101,lnx_clnt_101.domain.com ssh-rsa AAAAB3Nz...
>
> Following should also exist in /home/mahmood/.ssh/known_hosts file on the client side:
> 192.168.1.1,lnx_srvr_1,lnx_srvr_1.domain.com ssh-rsa AAAAB3Nz...
>
> Ensure that .ssh directory on both client and server are rwx for owner only and group/rest of world is 000.
>
> Hope this helps! Good Luck! :)
>
> Regards,
> Sharad
> --- On Thu, 28/4/11, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:
>
> > From: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> > Subject: Re: problem with HostbasedAuthentication
> > To: "Sharad" <sharad2011@xxxxxxxxx>
> > Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> > Date: Thursday, 28 April, 2011, 3:54 PM
> >
> > Can you explain exactly which file I should edit? What is FQDN? By 'hostname', do you mean server hostname or client hostname.
> > Should I do that on both side or server side?...
> >
> > // Naderan *Mahmood;
> >
> >
> > ----- Original Message -----
> > From: Sharad <sharad2011@xxxxxxxxx>
> > To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>; Asif Iqbal <vadud3@xxxxxxxxx>
> > Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> > Sent: Thursday, April 28, 2011 1:16 PM
> > Subject: Re: problem with HostbasedAuthentication
> >
> > Sometimes the issue lies with hostname as well. What I mean with that is the known_hosts may have just the host name whereas when the connection is established, the debug shows the FQDN. I faced this issue so to be sure, I edited the known_hosts file and inserted the hostname, hostname's FQDN and its IP address (all comma separated).
> >
> > Also ensure that both the hosts' known_hosts files have opposite servers' names (as prescribed above).
> >
> > All the above checks make it work for me.
> >
> > Hope this solves.
> >
> > Kind regards,
> > Sharad
> > --- On Thu, 28/4/11, Asif Iqbal <vadud3@xxxxxxxxx> wrote:
> >
> > > From: Asif Iqbal <vadud3@xxxxxxxxx>
> > > Subject: Re: problem with HostbasedAuthentication
> > > To: "Mahmood Naderan" <nt_mahmood@xxxxxxxxx>
> > > Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> > > Date: Thursday, 28 April, 2011, 12:38 AM
> > >
> > > On Wed, Apr 27, 2011 at 1:12 AM, Mahmood Naderan <nt_mahmood@xxxxxxxxx> wrote:
> > > >>Change the order method. Have hostbased before password
> > > >
> > > > Sorry where should I do that?
> > >
> > > man ssh_config and look into PreferredAuthentications
> > >
> > > >
> > > > // Naderan *Mahmood;
> > > >
> > > > From: Asif Iqbal <vadud3@xxxxxxxxx>
> > > > To: Mahmood Naderan <nt_mahmood@xxxxxxxxx>
> > > > Cc: "secureshell@xxxxxxxxxxxxxxxxx" <secureshell@xxxxxxxxxxxxxxxxx>
> > > > Sent: Wednesday, April 27, 2011 9:17 AM
> > > > Subject: Re: problem with HostbasedAuthentication
> > > >
> > > >
> > > > Change the order method. Have hostbased before password
> > > > On Apr 26, 2011 11:52 PM, "Mahmood Naderan" <nt_mahmood@xxxxxxxxx> wrote:
> > > >>
> > > >>
> > > >> Hi,
> > > >> I am trying to setup a hostbased passwordless ssh from a client to a server using this guide http://www.ehow.com/how_7621307_set-up-hostbased-authentication.html.
> > > >>
> > > >> The client looks like:
> > > >>
> > > >> mahmood@client:~$ cat /etc/ssh/ssh_config | grep "HostbasedAuthentication"
> > > >> HostbasedAuthentication yes
> > > >> mahmood@client:~$ cat /etc/ssh/ssh_config | grep "EnableSSHKeysign"
> > > >> EnableSSHKeysign yes
> > > >>
> > > >>
> > > >> and the server looks like:
> > > >> mahmood@server:~$ cat /etc/ssh/sshd_config | grep "HostbasedAuthentication"
> > > >> HostbasedAuthentication yes
> > > >> mahmood@server:~$ cat /etc/ssh/sshd_config | grep "IgnoreRhosts"
> > > >> IgnoreRhosts no
> > > >>
> > > >> also the server has the key for client:
> > > >>
> > > >> mahmood@server:~$ cat /etc/ssh/ssh_known_hosts
> > > >> client ssh-rsa AAAAB3Nz.....
> > > >>
> > > >> the ~/.shosts file on the server contains:
> > > >> mahmood@server:~$ cat .shosts
> > > >> client.domain mahmood
> > > >>
> > > >> Then on both server and client, the ssh service is restarted:
> > > >> mahmood@client:~$ sudo service ssh restart
> > > >> ssh start/running, process 1355
> > > >> mahmood@server:~$ sudo service ssh restart
> > > >> ssh start/running, process 28982
> > > >>
> > > >> Now, when I run "ssh -vvv server" from client (to show the verbose messages), I still get the password prompt.
> > > >>
> > > >> mahmood@client:~$ ssh -vvv server
> > > >> OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
> > > >> debug1: Reading configuration data /etc/ssh/ssh_config
> > > >> debug1: Applying options for *
> > > >> debug2: ssh_connect: needpriv 0
> > > >> debug1: Connecting to server [192.168.1.1] port 22.
> > > >> debug1: Connection established.
> > > >> debug1: identity file /home/mahmood/.ssh/identity type -1
> > > >> debug1: identity file /home/mahmood/.ssh/id_rsa type -1
> > > >> debug1: identity file /home/mahmood/.ssh/id_dsa type -1
> > > >> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu4
> > > >> debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH*
> > > >> debug1: Enabling compatibility mode for protocol 2.0
> > > >> debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
> > > >> debug2: fd 3 setting O_NONBLOCK
> > > >> debug1: SSH2_MSG_KEXINIT sent
> > > >> debug3: Wrote 792 bytes for a total of 831
> > > >> debug1: SSH2_MSG_KEXINIT received
> > > >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> > > >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > > >> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> > > >> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> > > >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> > > >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> > > >> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> > > >> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
> > > >> debug2: kex_parse_kexinit:
> > > >> debug2: kex_parse_kexinit:
> > > >> debug2: kex_parse_kexinit: first_kex_follows 0
> > > >> debug2: kex_parse_kexinit: reserved 0
> > > >> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> > > >> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> > > >> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> > > >> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
> > > >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> > > >> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
> > > >> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> > > >> debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
> > > >> debug2: kex_parse_kexinit:
> > > >> debug2: kex_parse_kexinit:
> > > >> debug2: kex_parse_kexinit: first_kex_follows 0
> > > >> debug2: kex_parse_kexinit: reserved 0
> > > >> debug2: mac_setup: found hmac-md5
> > > >> debug1: kex: server->client aes128-ctr hmac-md5 none
> > > >> debug2: mac_setup: found hmac-md5
> > > >> debug1: kex: client->server aes128-ctr hmac-md5 none
> > > >> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > > >> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > > >> debug3: Wrote 24 bytes for a total of 855
> > > >> debug2: dh_gen_key: priv key bits set: 124/256
> > > >> debug2: bits set: 507/1024
> > > >> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > > >> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > > >> debug3: Wrote 144 bytes for a total of 999
> > > >> debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
> > > >> debug3: check_host_in_hostfile: match line 1
> > > >> debug3: check_host_in_hostfile: filename /home/mahmood/.ssh/known_hosts
> > > >> debug3: check_host_in_hostfile: match line 2
> > > >> debug1: Host 'server' is known and matches the RSA host key.
> > > >> debug1: Found key in /home/mahmood/.ssh/known_hosts:1
> > > >> debug2: bits set: 503/1024
> > > >> debug1: ssh_rsa_verify: signature correct
> > > >> debug2: kex_derive_keys
> > > >> debug2: set_newkeys: mode 1
> > > >> debug1: SSH2_MSG_NEWKEYS sent
> > > >> debug1: expecting SSH2_MSG_NEWKEYS
> > > >> debug3: Wrote 16 bytes for a total of 1015
> > > >> debug2: set_newkeys: mode 0
> > > >> debug1: SSH2_MSG_NEWKEYS received
> > > >> debug1: SSH2_MSG_SERVICE_REQUEST sent
> > > >> debug3: Wrote 48 bytes for a total of 1063
> > > >> debug2: service_accept: ssh-userauth
> > > >> debug1: SSH2_MSG_SERVICE_ACCEPT received
> > > >> debug2: key: /home/mahmood/.ssh/identity ((nil))
> > > >> debug2: key: /home/mahmood/.ssh/id_rsa ((nil))
> > > >> debug2: key: /home/mahmood/.ssh/id_dsa ((nil))
> > > >> debug3: Wrote 64 bytes for a total of 1127
> > > >> debug1: Authentications that can continue: publickey,password,hostbased
> > > >> debug3: start over, passed a different list publickey,password,hostbased
> > > >> debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,hostbased,publickey,keyboard-interactive,password
> > > >> debug3: authmethod_lookup hostbased
> > > >> debug3: remaining preferred: publickey,keyboard-interactive,password
> > > >> debug3: authmethod_is_enabled hostbased
> > > >> debug1: Next authentication method: hostbased
> > > >> debug2: userauth_hostbased: chost client.
> > > >> debug2: ssh_keysign called
> > > >> debug3: ssh_msg_send: type 2
> > > >> debug3: ssh_msg_recv entering
> > > >> debug1: permanently_drop_suid: 1000
> > > >> debug2: we sent a hostbased packet, wait for reply
> > > >> debug3: Wrote 608 bytes for a total of 1735
> > > >> debug1: Authentications that can continue: publickey,password,hostbased
> > > >> debug2: userauth_hostbased: chost client.
> > > >> debug2: ssh_keysign called
> > > >> debug3: ssh_msg_send: type 2
> > > >> debug3: ssh_msg_recv entering
> > > >> debug1: permanently_drop_suid: 1000
> > > >> debug2: we sent a hostbased packet, wait for reply
> > > >> debug3: Wrote 672 bytes for a total of 2407
> > > >> debug1: Authentications that can continue: publickey,password,hostbased
> > > >> debug1: No more client hostkeys for hostbased authentication.
> > > >> debug2: we did not send a packet, disable method
> > > >> debug3: authmethod_lookup publickey
> > > >> debug3: remaining preferred: keyboard-interactive,password
> > > >> debug3: authmethod_is_enabled publickey
> > > >> debug1: Next authentication method: publickey
> > > >> debug1: Trying private key: /home/mahmood/.ssh/identity
> > > >> debug3: no such identity: /home/mahmood/.ssh/identity
> > > >> debug1: Trying private key: /home/mahmood/.ssh/id_rsa
> > > >> debug3: no such identity: /home/mahmood/.ssh/id_rsa
> > > >> debug1: Trying private key: /home/mahmood/.ssh/id_dsa
> > > >> debug3: no such identity: /home/mahmood/.ssh/id_dsa
> > > >> debug2: we did not send a packet, disable method
> > > >> debug3: authmethod_lookup password
> > > >> debug3: remaining preferred: ,password
> > > >> debug3: authmethod_is_enabled password
> > > >> debug1: Next authentication method: password
> > > >> mahmood@server's password:
> > > >>
> > > >>
> > > >> Any idea about that?
> > > >>
> > > >> // Naderan *Mahmood;
> > > >>
> > >
> > > --
> > > Asif Iqbal
> > > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> > > A: Because it messes up the order in which people normally read text.
> > > Q: Why is top-posting such a bad thing?
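
The file checks described in this thread (every name form of the peer in known_hosts, a matching .shosts entry, an owner-only .ssh directory) can be scripted. The following is an added example, not part of the original messages; the function names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example: offline checks for the host-based authentication files
# discussed in this thread. Function names and sample data are assumptions.

# Print each name in "$2..." that no line of known_hosts file $1 lists in its
# comma-separated host field. Hashed (|1|...) entries cannot be matched as
# text and are skipped; wildcard patterns are not expanded.
missing_known_hosts_names() {
    kh=$1; shift
    for name in "$@"; do
        awk -v want="$name" '
            NF == 0 || substr($1, 1, 1) == "#" { next }
            { f = (substr($1, 1, 1) == "@") ? $2 : $1   # skip @marker field
              if (substr(f, 1, 1) == "|") next
              n = split(f, hosts, ",")
              for (i = 1; i <= n; i++) if (hosts[i] == want) found = 1 }
            END { exit !found }' "$kh" || printf '%s\n' "$name"
    done
}

# Succeed if .shosts-style file $1 has a line for client host $2 that names
# user $3, or names no user (which then means the same-named user).
shosts_allows() {
    awk -v h="$2" -v u="$3" '
        $1 == h && (NF == 1 || $2 == u) { ok = 1 }
        END { exit !ok }' "$1"
}

# Succeed if directory $1 is rwx for its owner and closed to everyone else.
dir_is_owner_only() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Constructed sample files, using the example host names from the thread.
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
printf '%s\n' 'lnx_clnt_101,lnx_clnt_101.domain.com ssh-rsa AAAAB3Nz...' \
    > "$demo/.ssh/known_hosts"
printf '%s\n' 'lnx_clnt_101.domain.com mahmood' > "$demo/.shosts"

echo "Names missing from known_hosts:"
missing_known_hosts_names "$demo/.ssh/known_hosts" \
    192.168.1.101 lnx_clnt_101 lnx_clnt_101.domain.com
shosts_allows "$demo/.shosts" lnx_clnt_101 mahmood ||
    echo ".shosts has no entry for the short name lnx_clnt_101"
dir_is_owner_only "$demo/.ssh" && echo ".ssh is owner-only"
```

On a live host, `getent hosts <name>` shows whether a name resolves, which is the check suggested at the top of the thread.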